How to disable Restricted Area window?

February 20, 2014 35.3k views
I installed WordPress following the article "One-click WordPress installation on Ubuntu 13.10". After that, I login in to Restricted Area window with username and password, which are located in /root/WORDPRESS (wp-admin/ folder is protected by Apache's .htaccess.) But now, when I visit my site this message is showing every time. On every page. How to disable it? Thanks.
  • Thanks alot
    It is working fine for my website

  • Can anyone please translate this to something an average user could understand? I'm sorry but I do not have a background in CS and I just can't understand what you guys are talking about. :(

    I installed a new plugin on wordpress (hosted in DigitalOcean using one-click) and I don't really have a problem with the additional server password. But after I installed this plugin called floating social bar, the password prompt appears on every page. I've been told I could just add the admin ajax php on whitelist? But I really don't understand. I tried installing putty but I feel like a monkey on a rocketship.

    Can someone please help. Thank you!

17 Answers

From the main tutorial, One-Click Install WordPress on Ubuntu 14.04 with DigitalOcean:

To remove the additional password prompt, you'll need to log into your VPS instance through SSH.... Once logged in, you need to update the main Apache configuration file. Open it as root with your text editor:

nano /etc/apache2/apache2.conf

Inside, you need to find the section that deals with the "/wp-admin/" section. It should look like this

<DirectoryMatch ^.*/wp-admin/>
    AuthType Basic
    AuthName "Please login to your droplet via SSH for login details."
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user

This entire section can be commented out by placing the "#" character before each line, like this:

#<DirectoryMatch ^.*/wp-admin/>
#    AuthType Basic
#    AuthName "Please login to your droplet via SSH for login details."
#    AuthUserFile /etc/apache2/.htpasswd
#    Require valid-user

Once this is complete, you can restart Apache for your new changes to take affect.

service apache2 restart

This should remove the additional password prompt from the administrative areas, which is usually okay since WordPress itself can handle authentication.

  • It seems that none of us read the tutorials :P.

    Thanks !

  • I only want to leave** restricted-area** when trying to log in meusite.com/wp-login.php, can anyone help? before I was only there, but then was requesting to access any part of the blog. Thank you.

  • @gilsoninacio: To limit the HTTP authentication to /wp-login.php only, use the following configuration instead:

    <DirectoryMatch /var/www>
        <Files wp-login.php>
            AuthType Basic
            AuthName "Restricted Area"
            AuthUserFile /etc/apache2/.htpasswd
            Require valid-user

    Make sure you replace /var/www with the correct path to your Wordpress installation.

  • Perfect! Exactly what I needed thank you.

Yes, wish I knew this too. In addition How to change user and pass. would be helpful too.

There is no .htaccess in /wp-admin/ either. I spent a half-hour looking around with an ftp client. Found just about everything else!!

I emailed Tech support and received the standard "we don't handle....' response. Clearly they kindly and graciously did handle the WP/Ubuntu13 install!

Anyways, hope someone responds soon. Thank you.
I think it's in /etc/apache2/apache2.conf
What if we have users needing to login - to post e.g.?

What was the idea to circumvent them having to bypass the folder security?
What happens if I delete /etc/apache2/apache2.conf? Does the DO WP/Ubuntu install then become a 'standard' Apache/WP install?

Or, what lines do I need to comment out for a 'standard' wproot\.htaccess to run the show?

All I want is for my WP/Ubuntu site to take directives from the /wp root/.htaccess. I am wasting so much time with DO's http auth..

I have the same problem ! login window displays on any page, every times for unloved users…
is someone found an issue about this ?
Kamal, what do we have to change in apache2.conf?
@n.muenzner: Can you pastebin apache2.conf's contents? I haven't actually spun up a Wordpress droplet after the image was updated but it should be something like this:
<Location -

AuthType Basic

Comment out the whole block by adding "#" to the beginning of each line and then restart Apache. Does that work?
I think that we have to remove this code from the file:

AuthType Basic
AuthName "Please login to your droplet via SSH for login details."
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

I did it via WINSCP (sftp) and I had to reboot the droplet (sudo reboot).

I was so happy it worked, because I know nothing about Linux and stuff.
1. sudo nano /etc/apache2/apache2.conf
2. Hit ctrl-w and search for 'wp-admin'
3. Remove these lines

AuthType Basic
AuthName "Please login to your droplet via SSH for login details."
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

4. Hit ctrl-o to write the changes to the file
5. Hit ctrl-x to exit, and then hit 'y' to save the changes.
6. service apache2 restart to restart your server and the folder should now be accessible.
I've changed apache2.conf as above, however all of the pages except wp-admin load as a blank page, until I login. after logging in, they load normally. anyone seen this?
Here are some steps from D.O. to help resolve the issue. https://www.digitalocean.com/community/tutorials/one-click-install-wordpress-on-ubuntu-13-10-with-digitalocean
If you wish to change the password required for the /wp-admin/ directory, type the following while being logged in as root:
htpasswd /etc/apache2/.htpasswd admin
It will ask you to enter a new password, which will be the password for /wp-admin/

my first time here and i run into this nonsense as well. Bitnami does the same crap, thinking they are writing good tutorials/guides but its more confusing than Aamazon's AWS documentation and does not help new comers get into the "cloud", I guess thats why they say "built for developers" and thats why RackSpace is growing so well.

This is discovered and has to troubleshoot for a few hours before deleting or at least a day before getting the answer from somewhere else on the net. So multiply that by countless users and they are getting income at the expense of their customers loss and frustration.

PLEASE improve your documentation !!!

Trying to restart apache failed with the following error:

Could not reliably determine the server's fully qualified domain name, using Set the 'ServerName' directive globally to suppress this message

I needed to add a line into that same file - /etc/apache2/apache2.conf saying

ServerName localhost   

After adding this line, apache restarted successfully.

I don't know if you guys changed it before but I also had to change permission from wp-admin folder and wp-login.php file.

Have another answer? Share your knowledge.